Vulnerability Details : CVE-2014-8310
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2014-8310
- cpe:2.3:a:sap:businessobjects:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8310
3.42%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8310
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.1
|
HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
8.6
|
6.9
|
NIST |
CWE ids for CVE-2014-8310
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8310
-
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-030
Page Not Found | Onapsis
-
http://packetstormsecurity.com/files/128600/SAP-Business-Objects-Denial-Of-Service-Via-CORBA.html
SAP Business Objects Denial Of Service Via CORBA ≈ Packet Storm
-
http://www.securityfocus.com/archive/1/533646/100/0/threaded
SecurityFocus
-
http://scn.sap.com/docs/DOC-8218
Acknowledgments to Security Researchers - Security and Identity Management - SCN WikiVendor Advisory
-
http://seclists.org/fulldisclosure/2014/Oct/40
Full Disclosure: [Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA
-
https://service.sap.com/sap/support/notes/2001106
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/96875
SAP BusinessObjects CMS CORBA listener denial of service CVE-2014-8310 Vulnerability Report
-
http://www.securityfocus.com/bid/70308
SAP BusinessObjects Denial of Service Vulnerability
Jump to